
CPU usage reaches 100%

theansw3r
created (edited)

Hello. As the topic says, CPU usage reaches 100% and starts slowing the computer down. Below I am posting the OTL and GMER logs. Thank you for any help.

[b]OTL[/b]

[log]
OTL logfile created on: 2010-06-24 12:26:26 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\-DOM-\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 9,67 Gb Free Space | 39,61% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 3,44 Gb Free Space | 11,75% Space Free | Partition Type: NTFS
Drive E: | 29,29 Gb Total Space | 18,41 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOM
Current User Name: -DOM-
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-06-24 12:24:16 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-DOM-\Pulpit\OTL.exe
PRC - [2010-06-01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010-06-01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-05-04 16:05:48 | 011,981,408 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-04-04 13:27:58 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-04-14 21:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 21:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 21:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 21:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 21:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 21:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 21:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 21:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-04-16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-08-17 07:35:00 | 000,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-06-24 12:24:16 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-DOM-\Pulpit\OTL.exe
MOD - [2010-06-01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008-04-14 21:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 21:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-14 21:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 21:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 21:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 21:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 21:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 21:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 21:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 21:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 21:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 21:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 21:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 21:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 21:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 21:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 21:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 21:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 21:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 21:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-14 21:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 21:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 21:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 21:50:32 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fltlib.dll
MOD - [2008-04-14 21:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 21:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 21:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 21:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 21:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 21:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-14 21:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-14 21:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-06-01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2006-10-05 20:26:18 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-06-04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010-06-01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-06-01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010-06-01 19:00:20 | 000,015,464 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2009-03-25 15:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2007-10-26 12:20:40 | 004,124,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007-05-02 10:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007-05-02 10:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007-05-02 10:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2006-08-17 07:35:00 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2001-08-17 23:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001-08-17 23:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001-08-17 23:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001-08-17 23:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001-08-17 23:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001-08-17 23:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001-08-17 23:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001-08-17 23:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001-08-17 23:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001-08-17 23:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001-08-17 23:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-2077806209-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: SignPlugin@bph.pl:1.4.0.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-12 14:45:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-13 10:51:47 | 000,000,000 | ---D | M]

[2009-11-15 02:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\Mozilla\Extensions
[2010-06-24 11:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\Mozilla\Firefox\Profiles\c00s904i.default\extensions
[2010-06-08 10:25:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\-DOM-\Dane aplikacji\Mozilla\Firefox\Profiles\c00s904i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-06-15 16:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\Mozilla\Firefox\Profiles\c00s904i.default\extensions\SignPlugin@bph.pl
[2010-06-24 11:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-16 17:13:16 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2010-04-04 13:28:05 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-04-04 13:28:05 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-04-04 13:28:05 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-04-04 13:28:05 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-04-04 13:28:05 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-04-04 13:28:05 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-06-11 21:08:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-2077806209-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-2077806209-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-2077806209-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-2077806209-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.92.190.130 213.92.190.135
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-15 01:59:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-15 01:58:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "wscsvc"
MsConfig - Services: "wuauserv"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GammaTray.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NCProTray.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]NvCplDaemon[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]NvMediaCenter[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]nwiz[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-06-24 12:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-DOM-\Pulpit\skany
[2010-06-24 12:24:15 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-DOM-\Pulpit\OTL.exe
[2010-06-24 11:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010-06-23 19:33:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-06-23 19:32:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-06-12 23:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010-06-12 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-06-12 23:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010-06-12 23:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010-06-12 23:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-06-12 23:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010-06-12 23:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\Microsoft Help
[2010-06-12 23:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
[2010-06-12 18:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
[2010-06-12 18:12:40 | 000,000,000 | ---D | C] -- C:\win2k_xp
[2010-06-11 23:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-06-11 22:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\COMODO
[2010-06-11 22:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010-06-11 22:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Comodo Downloader
[2010-06-11 22:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-DOM-\Pulpit\antywirusy
[2010-06-11 21:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-06-11 20:53:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-06-11 20:53:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-06-11 20:53:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-06-11 20:53:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-06-11 20:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-06-11 20:50:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-05-17 19:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
[2010-05-09 21:14:54 | 000,015,112 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssm_mdfl.sys
[2010-05-09 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\NsPro
[2010-05-09 14:37:50 | 000,109,704 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssm_mdm.sys
[2010-05-09 14:37:50 | 000,083,592 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssm_bus.sys
[2010-05-09 14:37:50 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssm_whnt.sys
[2010-05-09 14:37:50 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssm_wh.sys
[2010-05-09 14:37:50 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssm_cmnt.sys
[2010-05-09 14:37:50 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssm_cm.sys
[2010-05-09 14:37:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010-05-09 14:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010-05-09 13:43:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\-DOM-\Recent
[2010-05-09 13:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2010-05-02 23:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2010-05-02 23:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-DOM-\Dane aplikacji\Google
[2010-05-02 23:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\Temp
[2010-05-02 23:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2010-05-02 23:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010-05-02 23:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\Google
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-06-24 12:47:07 | 000,772,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\jkbldocm.sys
[2010-06-24 12:45:12 | 000,659,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-06-24 12:30:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe
[2010-06-24 12:28:54 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\-DOM-\ntuser.dat
[2010-06-24 12:24:16 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-DOM-\Pulpit\OTL.exe
[2010-06-24 12:23:02 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-24 11:40:31 | 002,845,542 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\ellie goulding - starry eyed.mp31277317074_[mp3.teledyski.info].mp3
[2010-06-24 11:36:22 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-06-24 11:35:32 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-24 11:35:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-24 11:35:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-24 11:35:13 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-24 01:22:55 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\-DOM-\ntuser.ini
[2010-06-24 01:22:47 | 004,839,238 | -H-- | M] () -- C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-06-23 23:46:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-23 23:46:24 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-23 21:02:59 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-06-23 20:16:13 | 003,720,704 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\k'naan feat. david bisbal - wavin' flag .mp31277316970_[mp3.teledyski.info].mp3
[2010-06-23 20:15:47 | 003,401,801 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\k'naan - wavin' flag (celebration mix).mp31277316961_[mp3.teledyski.info].mp3
[2010-06-23 19:29:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-06-23 18:08:34 | 000,307,927 | ---- | M] () -- C:\Documents and Settings\-DOM-\Moje dokumenty\matimati.jpg
[2010-06-18 09:03:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-13 12:34:53 | 001,344,400 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\POPRAWIONA_Wisniewski_Marcin_-_Bazy_Danych.zip
[2010-06-13 11:36:52 | 000,317,032 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\POPRAWIONA_Wisniewski_Marcin_-_Bazy_Danych.rar
[2010-06-13 10:50:48 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-13 00:16:05 | 000,069,624 | ---- | M] () -- C:\Documents and Settings\-DOM-\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-06-13 00:07:20 | 000,986,726 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-13 00:07:20 | 000,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-06-13 00:07:20 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-13 00:07:20 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-06-13 00:07:20 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-12 23:53:28 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-06-12 18:15:07 | 000,000,800 | ---- | M] () -- C:\WINDOWS\hpinfo.lnk
[2010-06-12 18:14:06 | 000,001,151 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\3820 pomocnik druku.lnk
[2010-06-12 17:22:14 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\e-biznes 20-04-2010.doc
[2010-06-11 23:14:54 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-06-11 22:53:23 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-06-11 21:08:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-05-30 14:12:57 | 003,018,278 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\Technologie Internetowe - Egzamin.jpg
[2010-05-28 17:17:17 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010-05-27 19:30:31 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\-DOM-\Moje dokumenty\Akademik-ośw.o doch.Jarek.doc
[2010-05-17 19:19:48 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\-DOM-\Moje dokumenty\Podanie o praktyki-Marcin.doc
[2010-05-09 15:43:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2010-05-09 15:15:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\optiflash.INI
[2010-05-07 18:02:40 | 000,000,394 | ---- | M] () -- C:\Documents and Settings\-DOM-\Pulpit\FIRMA.lnk
[2010-05-07 17:56:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-26 10:22:16 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\-DOM-\Moje dokumenty\Podanie o staż.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-06-24 12:30:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe
[2010-06-23 20:17:48 | 002,845,542 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\ellie goulding - starry eyed.mp31277317074_[mp3.teledyski.info].mp3
[2010-06-23 20:13:04 | 003,720,704 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\k'naan feat. david bisbal - wavin' flag .mp31277316970_[mp3.teledyski.info].mp3
[2010-06-23 20:12:55 | 003,401,801 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\k'naan - wavin' flag (celebration mix).mp31277316961_[mp3.teledyski.info].mp3
[2010-06-23 20:04:26 | 1610,141,696 | -HS- | C] () -- C:\hiberfil.sys
[2010-06-23 18:08:14 | 000,307,927 | ---- | C] () -- C:\Documents and Settings\-DOM-\Moje dokumenty\matimati.jpg
[2010-06-13 12:34:52 | 001,344,400 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\POPRAWIONA_Wisniewski_Marcin_-_Bazy_Danych.zip
[2010-06-13 11:36:49 | 000,317,032 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\POPRAWIONA_Wisniewski_Marcin_-_Bazy_Danych.rar
[2010-06-12 18:14:06 | 000,001,151 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\3820 pomocnik druku.lnk
[2010-06-12 17:09:14 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\e-biznes 20-04-2010.doc
[2010-06-11 23:14:54 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-06-11 22:58:25 | 000,562,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-06-11 20:53:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-06-11 20:53:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-06-11 20:53:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-06-11 20:53:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-06-11 20:53:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-06-02 23:34:37 | 000,772,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\jkbldocm.sys
[2010-06-02 23:33:12 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dane aplikacji\qcopjv.dat
[2010-05-30 14:09:23 | 003,018,278 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\Technologie Internetowe - Egzamin.jpg
[2010-05-27 19:30:31 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\-DOM-\Moje dokumenty\Akademik-ośw.o doch.Jarek.doc
[2010-05-17 19:19:48 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\-DOM-\Moje dokumenty\Podanie o praktyki-Marcin.doc
[2010-05-09 15:43:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2010-05-09 15:40:16 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-05-09 15:15:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\optiflash.INI
[2010-05-09 14:37:12 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.ico
[2010-05-07 18:02:40 | 000,000,394 | ---- | C] () -- C:\Documents and Settings\-DOM-\Pulpit\FIRMA.lnk
[2010-05-07 17:56:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-05-02 23:18:29 | 000,001,034 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-05-02 23:18:28 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-04-26 10:22:15 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\-DOM-\Moje dokumenty\Podanie o staż.doc
[2010-02-15 15:47:56 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010-02-15 15:47:56 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010-02-15 15:47:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010-02-15 15:47:54 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010-02-15 15:47:54 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010-02-15 15:47:54 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010-02-15 15:47:45 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010-01-17 18:37:29 | 000,000,281 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2009-12-06 19:58:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-12-06 19:58:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-11-28 12:55:48 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-11-20 18:41:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009-11-15 03:21:00 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-11-15 03:00:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-02-07 23:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\Gadu-Gadu 10
[2009-12-20 00:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\GanymedeNet
[2009-11-20 18:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\GHISLER
[2009-12-13 14:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\gtk-2.0
[2010-06-22 22:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\ipla
[2009-12-23 20:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\Nowe Gadu-Gadu
[2009-11-20 17:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\Opera
[2010-01-02 18:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\Softi Software
[2009-11-22 17:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\TuneUp Software
[2010-06-24 01:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\uTorrent
[2009-11-15 13:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\-DOM-\Dane aplikacji\WengoPhone
[2010-06-11 22:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-02-07 23:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-06-22 22:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-04-04 22:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2010-04-04 22:07:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010-05-28 17:17:17 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-11-15 01:59:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-04-04 14:14:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-05-09 15:47:13 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2010-06-23 19:32:54 | 000,013,846 | ---- | M] () -- C:\ComboFix.txt
[2009-11-15 01:59:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-06-24 11:35:13 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-15 01:59:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-28 02:29:10 | 000,001,811 | ---- | M] () -- C:\LU4.log
[2009-11-15 01:59:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-13 23:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-06-24 11:35:11 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-04-14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008-04-14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008-04-14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008-04-14 02:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

[b]GMER[/b]

[log]
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-24 15:18:34
Windows 5.1.2600 Dodatek Service Pack 3
Running: nuolbm4j.exe; Driver: C:\DOCUME~1\-DOM-\USTAWI~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB7E0A694] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB7E09C38] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB7E0A2FA] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB7E0AEE8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB7E09B14] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB7E0CDE6] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB7E0D1B6] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB7E094FC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB7E0A880] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB7E0AA74] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB7E092EC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB7E0B60A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB7E0B864] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB7E0C9DE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB7E09ED4] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB7E0A4D6] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB7E0AED8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB7E08F28] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB7E0A184] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB7E0911E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB7E0BA80] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB7E0BEFE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB7E0BCA0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB7E0B422] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB7E0C472] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB7E0C726] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB7E0ACB0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB7E0CBD6] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB7E0B1AA] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB7E09E6E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB7E0A070] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB7E09912] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB7E096FC] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + F0 804E274C 4 Bytes CALL D90607FF
.text jkbldocm.sys F7434012 94 Bytes [FF, 35, 0B, 43, 43, F7, 8F, ...]
.text jkbldocm.sys F7434071 409 Bytes [00, F6, C2, F2, 84, DD, 68, ...]
.text jkbldocm.sys F743420B 222 Bytes [74, 24, 1C, 8F, 45, 00, 68, ...]
.text jkbldocm.sys F74342EA 18 Bytes [66, 89, 45, 00, 66, C7, 04, ...]
.text jkbldocm.sys F7434318 497 Bytes [48, C6, 04, 24, 36, F8, C6, ...]
.text ...
? C:\WINDOWS\system32\drivers\jkbldocm.sys Urządzenie podłączone do komputera nie działa.
PAGE Ntfs.sys F7B77E55 4 Bytes CALL 8A2A7579
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9603360, 0x2456AE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetConnectA 771C1C6A 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetConnectW 771C2B63 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[768] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[788] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1104] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1192] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1608] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] shell32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] shell32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] shell32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\-DOM-\Pulpit\nuolbm4j.exe[1640] shell32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!InternetConnectA 771C1C6A 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!InternetConnectW 771C2B63 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1660] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1716] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1852] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 10025660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2404] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2468] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2680] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 2 Bytes JMP 006ECF90 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] ntdll.dll!NtAllocateVirtualMemory + 3 7C90CF53 2 Bytes [DE, 83]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] WININET.dll!InternetConnectA 771C1C6A 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2752] WININET.dll!InternetConnectW 771C2B63 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ADVAPI32.dll!OpenServiceW 77DD6FDD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2812] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7A3C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7A3C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7A3C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7A3C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7A3C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7A3C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7A3C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7A3C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7A3C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7A3C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7A3C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7A3C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7A3C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7A3C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7A3C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7A3C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7A3C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7A3C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7A3C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7A3C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7A3C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7A3C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7A3C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7A3C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7A3C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7A3C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7A3C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0053D4A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0053E690] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0053D8A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0053D930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0053D440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0053DDD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0053DE90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [0053E0D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [0053D760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [0053D800] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0053DF50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0053D4A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0053E690] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0053E210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [0053D8A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0053DF50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [0053D440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0053D930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0053DE90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0053D4F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [0053E340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0053E410] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [0053E3C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0053E0D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0053D6F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0053D760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0053D5E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [0053D4A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0053E690] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0053E0D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0053DF50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [0053D440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [0053D760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [0053DE90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [0053D930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0053E690] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [0053DF50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0053E690] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2688] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [0053DF50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A2BD450

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] jkbldocm <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\jkbldocm@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\jkbldocm@Start 0
Reg HKLM\SYSTEM\ControlSet001\Services\jkbldocm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\jkbldocm@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\jkbldocm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\jkbldocm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jkbldocm@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jkbldocm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\jkbldocm@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\jkbldocm@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\jkbldocm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\jkbldocm@Group Boot Bus Extender

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\-DOM-\Dane aplikacji\Gadu-Gadu 10\1453972\Archive.db-journal 4640 bytes
File C:\Qoobox\Quarantine\C 0 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings 0 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\-DOM- 0 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\-DOM-\Dane aplikacji 0 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\-DOM-\Dane aplikacji\avdrn.dat.vir 4 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\-DOM-\Menu Start 0 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\-DOM-\Menu Start\Programy 0 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\-DOM-\Menu Start\Programy\Autostart 0 bytes
File C:\Qoobox\Quarantine\C\WINDOWS 0 bytes
File C:\Qoobox\Quarantine\C\WINDOWS\system32 0 bytes
File C:\Qoobox\Quarantine\C\WINDOWS\system32\fjhdyfhsn.bat.vir 118 bytes
File C:\Qoobox\Quarantine\catchme.log 408 bytes
File C:\Qoobox\Quarantine\Registry_backups 0 bytes
File C:\Qoobox\Quarantine\Registry_backups\AddRemove-BankBrowser.reg.dat 782 bytes
File C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 5010 bytes

---- EOF - GMER 1.0.15 ----
[/log]

Mateusz J.
comment

The logs are clean.
Which process is using 100% of the CPU?
Check the temperatures of the individual components.

EDIT
I checked the first log and completely forgot about the second one.
Even though it is blatantly visible there:
C:\WINDOWS\System32\drivers\jkbldocm.sys

Guest
comment

jesion:

[code]
Service (*** hidden *** ) [BOOT] jkbldocm <-- ROOTKIT !!!
[/code]
this is a rootkit



author: post a ComboFix log -> http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

theansw3r
comment

How do I remove this rootkit?

[quote]
Service (*** hidden *** ) [BOOT] jkbldocm <-- ROOTKIT !!!
this is a rootkit
[/quote]

ComboFix log
[log]
ComboFix 10-06-28.01 - -DOM- 2010-06-29 19:49:55.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.957 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((( Pliki utworzone od 2010-05-28 do 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-29 17:24 . 2010-06-29 17:24 -------- d-----w- c:\documents and settings\-DOM-\Ustawienia lokalne\Dane aplikacji\COMODO
2010-06-29 17:19 . 2010-06-29 17:19 -------- d-----w- C:\RootkitRevealer_1.7
2010-06-25 10:57 . 2010-06-25 10:57 -------- d-----w- c:\documents and settings\-DOM-\.gstreamer-0.10
2010-06-25 10:56 . 2010-06-25 15:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-06-25 10:56 . 2010-06-25 10:56 -------- d-----w- c:\documents and settings\-DOM-\Dane aplikacji\OpenFM
2010-06-25 10:49 . 2010-06-25 10:50 10451600 ----a-w- c:\documents and settings\All Users\Dane aplikacji\ipla\update.exe
2010-06-24 09:53 . 2010-06-24 09:53 388096 ----a-r- c:\documents and settings\-DOM-\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-15 14:20 . 2010-05-20 09:15 421376 ----a-w- c:\documents and settings\-DOM-\Dane aplikacji\Mozilla\Firefox\Profiles\c00s904i.default\extensions\SignPlugin@bph.pl\plugins\NPSignPluginBPH.dll
2010-06-12 21:41 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-06-12 21:41 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-12 21:36 . 2010-06-12 21:36 -------- d-----w- c:\program files\Microsoft Works
2010-06-12 21:35 . 2010-06-12 21:35 -------- d-----w- c:\program files\MSBuild
2010-06-12 21:33 . 2010-06-12 21:33 -------- d-----w- c:\program files\Microsoft.NET
2010-06-12 21:24 . 2010-06-12 21:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-12 21:22 . 2010-06-12 21:22 -------- d-----w- c:\documents and settings\-DOM-\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2010-06-12 21:22 . 2010-06-12 21:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-06-12 16:52 . 2010-06-12 16:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee
2010-06-12 16:13 . 2010-06-13 08:50 -------- d-----w- c:\documents and settings\BB443B11-7D12-450c-9F85-2D32804655F9\temp
2010-06-12 16:13 . 2010-06-12 16:13 -------- d-----w- c:\documents and settings\BB443B11-7D12-450c-9F85-2D32804655F9
2010-06-12 16:12 . 2010-06-12 16:12 -------- d-----w- C:\win2k_xp
2010-06-11 21:13 . 2010-06-11 21:14 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-06-11 20:58 . 2010-06-11 20:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\COMODO
2010-06-11 20:58 . 2010-06-29 17:38 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-06-11 20:56 . 2010-06-11 20:56 -------- d-----w- c:\program files\COMODO
2010-06-11 20:55 . 2010-06-11 20:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2010-06-11 19:47 . 2010-06-11 20:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-06-04 09:55 . 2010-06-04 09:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-02 21:34 . 2010-06-29 17:59 772096 ----a-w- c:\windows\system32\drivers\jkbldocm.sys
2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 10:54 . 2010-02-07 21:23 -------- d-----w- c:\documents and settings\-DOM-\Dane aplikacji\Gadu-Gadu 10
2010-06-25 10:50 . 2009-11-20 22:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2010-06-25 10:49 . 2009-11-20 22:39 -------- d-----w- c:\documents and settings\-DOM-\Dane aplikacji\ipla
2010-06-24 22:23 . 2009-12-06 16:48 -------- d-----w- c:\documents and settings\-DOM-\Dane aplikacji\uTorrent
2010-06-12 22:16 . 2009-11-15 00:06 69624 ----a-w- c:\documents and settings\-DOM-\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-06-12 22:07 . 2001-10-26 15:15 75706 ----a-w- c:\windows\system32\perfc015.dat
2010-06-12 22:07 . 2001-10-26 15:15 451696 ----a-w- c:\windows\system32\perfh015.dat
2010-06-12 16:15 . 2009-11-15 01:01 -------- d-----w- c:\program files\hp deskjet 3820 series
2010-06-12 16:13 . 2009-11-15 00:59 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-11 19:47 . 2009-11-15 00:22 -------- d-----w- c:\program files\Alwil Software
2010-06-03 10:28 . 2010-06-03 10:28 12 ----a-w- c:\windows\system32\config\systemprofile\Dane aplikacji\qcopjv.dat
2010-06-02 21:33 . 2010-06-02 21:33 16 ----a-w- c:\documents and settings\NetworkService\Dane aplikacji\qcopjv.dat
2010-05-10 10:37 . 2009-11-20 22:38 -------- d-----w- c:\program files\ipla
2010-05-09 19:42 . 2010-05-09 18:25 -------- d-----w- c:\program files\NsPro
2010-05-09 13:39 . 2009-11-15 01:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-09 12:37 . 2010-05-09 12:37 -------- d-----w- c:\program files\Samsung
2010-05-09 11:38 . 2009-11-15 11:26 -------- d-----w- c:\program files\plfon
2010-05-09 11:33 . 2010-05-09 11:33 -------- d-----w- c:\program files\ToniArts
2010-05-09 11:31 . 2010-05-02 21:18 -------- d-----w- c:\program files\Google
2010-05-09 11:30 . 2009-12-19 22:36 -------- d-----w- c:\program files\Ganymede
2010-05-07 15:56 . 2009-11-20 15:55 -------- d-----w- c:\program files\Opera
2010-05-04 14:05 . 2010-05-04 14:05 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
.

------- Sigcheck -------

[-] 2008-05-08 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-23_17.29.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-24 09:53 . 2010-06-24 09:53 1094656 c:\windows\Installer\10a7ed.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-17 7630848]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-4 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GammaTray.lnk]
backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NCProTray.lnk]
backup=c:\windows\pss\NCProTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-06-04 21:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-05-04 19:23 15994776 ----a-w- c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-17 05:35 7630848 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-17 05:35 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-17 05:35 1617920 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 18:41 33792 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\plfon\\qtwengophone.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Zgrane z C\\plfon\\qtwengophone.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-06-01 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-06-01 25240]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
S3 MsibiosDevice;MsibiosDevice;\??\c:\program files\MSI\Live Update 4\LU4\msibios.sys --> c:\program files\MSI\Live Update 4\LU4\msibios.sys [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - RKREVEAL150
*Deregistered* - jkbldocm
*Deregistered* - RKREVEAL150

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'

2010-06-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 15:09]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 21:18]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 21:18]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel -
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A2983DAB-FCCE-4B60-A1D3-C66966E89946} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\-DOM-\Dane aplikacji\Mozilla\Firefox\Profiles\c00s904i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - plugin: c:\documents and settings\-DOM-\Dane aplikacji\Mozilla\Firefox\Profiles\c00s904i.default\extensions\SignPlugin@bph.pl\plugins\NPSignPluginBPH.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 19:59
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jkbldocm]

.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3428)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Czas ukończenia: 2010-06-29 20:03:01
ComboFix-quarantined-files.txt 2010-06-29 18:02
ComboFix2.txt 2010-06-23 17:32
ComboFix3.txt 2010-06-11 20:03
ComboFix4.txt 2010-06-11 19:11

Przed: 10 619 367 424 bajtów wolnych
Po: 10 712 530 944 bajtów wolnych

- - End Of File - - 8668FAFEDBDD4E762D0BE47A349482D0

[/log]

As for CPU usage, the processes that usually use the most are:
[b]firefox.exe
explorer.exe
YELMRNZ.exe[/b]

Guest
comment

Paste into Notepad:
[quote]
KillAll::

File::
c:\windows\system32\drivers\sfi.dat
c:\windows\system32\config\systemprofile\Dane aplikacji\qcopjv.dat
c:\documents and settings\NetworkService\Dane aplikacji\qcopjv.dat
C:\WINDOWS\System32\drivers\jkbldocm.sys

Folder::
c:\program files\ToniArts

Driver::
jkbldocm
RKREVEAL150

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jkbldocm]
[/quote]
[b]>>File>>Save As... >>> [color="#000000"]CFScript[/color][/b]
Drag and drop the file [color="#000000"][b]CFScript.txt[/b][/color] onto the file [b]ComboFix.exe[/b]
[b][color="blue"]-------->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img]
Copying should start (and a log will be produced).
